Friday, January 13, 2012

Creating a Self-Signed SSL Certificate for Multiple Domains

This morning's adventure was trying to figure out how to generate a self-signed SSL certificate for multiple domains using OpenSSL. I found lots of discussions online, but none of them quite worked. There were a few different ways to get a Certificate Signing Request with the SubjectAltName fields correct, but the signed certificate itself didn't have them. Finally, I got something that worked.

Before saving the file, some changes will need to be made to be specific to your site. The one critical change is to change the [alt_names] section to be relevant to your domain, since these needed to be specified in the configuration file rather than being requested later. If you need more or fewer DNS names you can add or remove lines. One thing to note is that the first time I tried this, Firefox didn't like the URL when I tried to connect using the domain name listed in the commonName field, so I went ahead and added it to the alt_names section as well.

You may also want to change the default keyfile names and other defaults to save yourself some typing later, especially if you're only going to be generating one certificate.

Once you have the configuration file the way you like it, you're ready to generate the key and certificate. We'll be doing it in just one step, without saving the intermediate certificate signing request:

You'll be prompted for various certificate parameters. If you didn't change the defaults to what you want, you will need to enter them when prompted; otherwise you can just hit Enter at each prompt to accept the default specified in the configuration file. The certificate will be good for one year; if you want to change that, you can alter the number of days specified on the command line (or change the default in the config file).

Once this is done, you'll see two new files: example.key (which contains the private key) and example.crt (which contains the public certificate). Do whatever you need to do with them for your application.
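An added example, not the author's own configuration or command: a minimal sketch of the procedure above that writes a config with an [alt_names] section, generates key and certificate in one step, and then checks that the SubjectAltName entries really are in the signed certificate. The hostnames and function names are constructed placeholders, and it sets `prompt = no` so it runs unattended instead of asking for each field.

```shell
#!/bin/sh
# Added example; hostnames and function names are constructed placeholders.

# Write a config whose [alt_names] section lists every hostname, CN included.
write_san_config() {   # $1 = config path
cat > "$1" <<'EOF'
[ req ]
prompt             = no
distinguished_name = req_dn
# x509_extensions (not req_extensions) is what "req -x509" copies into the cert
x509_extensions    = v3_san

[ req_dn ]
commonName = example.com

[ v3_san ]
basicConstraints = CA:FALSE
keyUsage         = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName   = @alt_names

[ alt_names ]
DNS.1 = example.com
DNS.2 = www.example.com
DNS.3 = mail.example.com
EOF
}

# Generate key and self-signed certificate in one step, valid for 365 days.
make_cert() {   # $1 = config, $2 = key out, $3 = cert out
    ( umask 077   # keep the unencrypted private key owner-readable only
      openssl req -x509 -nodes -newkey rsa:2048 -days 365 \
          -config "$1" -keyout "$2" -out "$3" )
}

# Print the DNS names actually present in the signed certificate, one per line.
list_sans() {   # $1 = cert
    openssl x509 -in "$1" -noout -text |
        awk '/Subject Alternative Name/ { getline; print }' |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

if command -v openssl >/dev/null 2>&1; then
    dir=$(mktemp -d)
    write_san_config "$dir/example.cnf"
    make_cert "$dir/example.cnf" "$dir/example.key" "$dir/example.crt"
    list_sans "$dir/example.crt"
    echo "files written to $dir"
fi
```

If `list_sans` prints nothing, the extensions section was not applied to the certificate, which is the failure described at the top of the post.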

It's a really clear and straightforward explanation of a self-signed SSL certificate for multiple domains. We really appreciate your efforts in writing this entire tutorial. Being a Platinum Certificate Authority, we are going to recommend your blog to SSL Installation Education, and I wish that your blog post will help other users.